Merge pull request #1 from baldwin-agency/added-more-magento-versions…

…-support Added support for more Magento versions (security releases from June 2024)
baldwin-agency · Jun 12, 2024 · bcb30cb · bcb30cb
2 parents e9e8347 + afd2d5b
commit bcb30cb
Show file tree

Hide file tree

Showing 10 changed files with 214 additions and 197 deletions.
diff --git a/.php-cs-fixer.php b/.php-cs-fixer.php
@@ -24,6 +24,7 @@
         'phpdoc_align'                                     => ['align' => 'vertical'],
         'phpdoc_separation'                                => ['skip_unlisted_annotations' => true],
         'self_accessor'                                    => true,
+        'trailing_comma_in_multiline'                      => ['after_heredoc' => true, 'elements' => ['arrays']], // remove this line when we drop support for PHP < 8.0
     ])
     ->setFinder($finder)
 ;
diff --git a/Makefile b/Makefile
@@ -12,7 +12,7 @@ check: checkquality checkstyle
 checkstyle:
 	vendor-bin/php-cs-fixer/vendor/bin/php-cs-fixer fix --dry-run --diff --stop-on-violation --allow-risky=yes
 	vendor-bin/phpcs/vendor/bin/phpcs -s --standard=Magento2 --exclude=Magento2.Annotation.MethodAnnotationStructure,Magento2.CodeAnalysis.EmptyBlock --ignore=./vendor/,./vendor-bin/ .
-	vendor-bin/phpcs/vendor/bin/phpcs -s --standard=PHPCompatibility --runtime-set testVersion 8.2- --ignore=./vendor/,./vendor-bin/ .
+	vendor-bin/phpcs/vendor/bin/phpcs -s --standard=PHPCompatibility --runtime-set testVersion 7.4- --ignore=./vendor/,./vendor-bin/ .
 	vendor/bin/composer normalize --dry-run
 
 .PHONY: checkquality

diff --git a/Model/Collector/DynamicCollector.php b/Model/Collector/DynamicCollector.php
@@ -6,7 +6,10 @@
 
 class DynamicCollector
 {
-    public function add(mixed $policy): void
+    /**
+     * @param mixed $policy
+     */
+    public function add($policy): void
     {
         // do nothing
     }

diff --git a/Model/Policy/FetchPolicy.php b/Model/Policy/FetchPolicy.php
@@ -17,7 +17,7 @@ public function __construct(
         array $nonceValues = [],
         array $hashValues = [],
         bool $dynamicAllowed = false,
-        bool $eventHandlersAllowed = false,
+        bool $eventHandlersAllowed = false
     ) {
         // do nothing
     }

diff --git a/README.md b/README.md
@@ -7,18 +7,25 @@ This module exists for people who don't want to deal with the CSP (Content-Secur
 Up until Magento 2.4.7, it was simple, you could just remove the module via composer's `replace` syntax.
 But in Magento 2.4.7, this module is more tightly integrated with certain modules (like the AdminAnalytics, Checkout and Paypal modules), which - when you try to remove the CSP module using composer's `replace` syntax - would cause `bin/magento setup:di:compile` to fail.
 
+**Update 12 June 2024**: Magento devs decided to backport the CSP changes to the following Magento security releases, so we now also support these versions in the shim:
+
+- 2.4.4-p9
+- 2.4.5-p8
+- 2.4.6-p6
+
 This module provides a solution for this case, by pretending to be the Magento CSP module for certain classes that some other modules require. The classes introduced by this module use the Magento namespace because there doesn't seem to be another way of doing this but the classes are actually empty and only contain empty functions just so nothing crashes when other modules call them.
 
 This module comes bundled with the composer `replace` line to remove the Magento CSP module, so you don't need to do this yourself anymore.
 
 ## Watch out
 
-- The module is currently declared compatible with Magento 2.4.7 only, it's hard to predict what will happen in the future, so we'll try to open up compatibility with more future Magento versions when they get released.
+- **Do not install this module when you care about PCI DSS compliance!**
+- The module is currently declared compatible with specific versions of Magento only, it's hard to predict what will happen in the future, so we'll try to open up compatibility with more future Magento versions when they get released.
 
 ## Compatibility
 
-- This module should work with Magento 2.4.7
-- The module should be compatible with PHP 8.2 and 8.3
+- This module should work with Magento 2.4.4-p9, 2.4.5-p8, 2.4.6-p6, 2.4.7 and 2.4.7-p1
+- The module should be compatible with PHP 74, 8.1, 8.2 and 8.3
 
 ## Installation
 

diff --git a/composer.json b/composer.json
@@ -11,16 +11,16 @@
         }
     ],
     "require": {
-        "php": "~8.2.0 || ~8.3.0",
-        "magento/framework": "^103.0.7",
-        "magento/module-csp": "100.4.6"
+        "php": "~7.4.0 || ~8.1.0 || ~8.2.0 || ~8.3.0",
+        "magento/framework": "103.0.4-p9 || 103.0.5-p8 || 103.0.6-p6 || 103.0.7 || 103.0.7-p1",
+        "magento/module-csp": "100.4.3-p9 || 100.4.4-p8 || 100.4.5-p6 || 100.4.6"
     },
     "require-dev": {
         "bamarni/composer-bin-plugin": "^1.8",
         "ergebnis/composer-normalize": "^2.42"
     },
     "replace": {
-        "magento/module-csp": "*"
+        "magento/module-csp": "100.4.3-p9 || 100.4.4-p8 || 100.4.5-p6 || 100.4.6"
     },
     "repositories": [
         {